RE: IE Lab 7 7.3 IPv6 Filtering.

From: Melwani, Manoj J (melwanim@citigroup.com)
Date: Sat Mar 25 2006 - 16:38:35 GMT-3

• Next message: san: "IOS Version for RS lab recommended read ?"
• Previous message: Melwani, Manoj J: "RE: IE Lab 7 7.3 IPv6 Filtering."
• Maybe in reply to: Melwani, Manoj J: "IE Lab 7 7.3 IPv6 Filtering."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Absolutely your ACL config which you sent me in your previous email makes more sense from the approach your taking.

thanks,
Manoj.

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Saturday, March 25, 2006 2:24 PM
To: Melwani, Manoj J; CCIE Group Study (E-mail)
Subject: RE: IE Lab 7 7.3 IPv6 Filtering.

        When you apply the filter outbound the traffic must be switched
between interfaces before being dropped. When you apply it inbound on
the opposite interfaces you are saving the router from having to do this
step. The filter could be more specifically written as follows, but as
it stands both the listed solution and your soluition accomplish the
requirement.

ipv6 access-list DENY_FROM_VLAN38
 deny ipv6 FEC0:CC1E:1:38::/64 FEC0:CC1E:1:4::/64
 permit ipv6 any any

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Melwani, Manoj J
> Sent: Saturday, March 25, 2006 12:58 PM
> To: CCIE Group Study (E-mail)
> Subject: IE Lab 7 7.3 IPv6 Filtering.
>
> Can someone please explain me this?
>
> Task 7.3 IPv6 Filtering
>
> Configure R4 so that hosts running IPv6 in VLAN 38 do not have access
to
> IPv6 enabled hosts in VLAN 4. Do not use a prefix-list to accomplish
this.
>
> Solution
>
> interface Serial0/0
> ipv6 traffice-filter DENY_FROM_VLAN38 in
>
> interface Serial0/1
> ipv6 traffice-filter DENY_FROM_VLAN38 in
>
> ipv6 access-list DENY_FROM_VLAN38
> deny ipv6 FEC0:CC1E:38::/64 any
> permit ipv6 any any
>
>
> The question says we only need to deny access from VLAN 38 to VLAN 4
why
> are we putting the traffic-filter command under S0/0 and S0/1 instead
of
> E0/1?
>
> Here's what I came up with:
>
> interface Ethernet0/1
> ipv6 traffice-filter DENY_FROM_VLAN38 out
>
> ipv6 access-list DENY_FROM_VLAN38
> deny ipv6 FEC0:CC1E:38::/64 any
> permit ipv6 any any
>
>
>
>
> Can someone pls explain.
>
>

• Next message: san: "IOS Version for RS lab recommended read ?"
• Previous message: Melwani, Manoj J: "RE: IE Lab 7 7.3 IPv6 Filtering."
• Maybe in reply to: Melwani, Manoj J: "IE Lab 7 7.3 IPv6 Filtering."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3